DETAILED ACTION

1. This communication is in response to the Amendment filed January 29, 2007.

Response to Arguments 

2. Claims 24 - 46 are pending in this Office Action and claims 1 - 23 have been 
cancelled. After a further search and a thorough examination of the present 
application, the new claims 24 - 46 are rejected. The claim objections to claims 
2, 3, 10, 12 - 14 and 18-20 are withdrawn in view of the 
cancellation/amendment. 

3. Applicant's arguments filed with respect to claims have been fully considered but 
they are not persuasive. The rejection is maintained and citations are proved in 
the rejection below. 

Claim Objections 

4. Claims 24 - 46 are objected to because of the following informalities: 

Claim 24 in its language while enlisting the features and limitation does 
not enumerate limitation j and skips from i to k. For examination of the claims 
examiner assumes that this was a typo and there were meant to be k 
limitations only. 

Claim 32 in its language while enlisting the features and limitation does 
not enumerate limitation j and skips from i to k. For examination of the claims 
examiner assumes that this was a typo and there were meant to be k
limitations only. 

Claim 40 in its language while enlisting the features and limitation does 
not enumerate limitation j and skips from i to k. For examination of the claims 
examiner assumes that this was a typo and there were meant to be k 
limitations only. 

Appropriate correction is required. 



Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by 
the applicant for patent, except that an international application filed under the treaty defined in 
section 351(a) shall have the effects for purposes of this subsection of an application filed in the 
United States only if the international application designated the United States and was published 
under Article 21(2) of such treaty in the English language. 

6. Claims 24 - 46 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Williams et al. ('Williams' hereinafter) (US 2005/0015623 A1).



With respect to claim 24, 

Williams discloses a method for effectively and efficiently identifying violations of 
privacy and security and guidelines in an information system, comprising the steps of:

a. providing vulnerability data having universal definitions applicable to different
computing systems (paragraphs 54 and 70, Williams); 

b. providing regulation data relating to a particular set of regulations (paragraphs 73 
and 166, Williams); 

c. providing priority data relating to a list of vulnerabilities prioritized in a specific 
order (paragraph 212, Williams);

d. providing keywords that are common to the vulnerability, regulation and priority 
data (paragraphs 0139 and 0141, Williams);

e. searching for the keywords in the vulnerability, regulation and priority data 
(paragraphs 0139 and 0141, Williams); 

f. creating relational data based upon the searching step, the relational data 
establishes a specific relationship between the vulnerability, regulation and 
priority data (paragraphs 0053 and 0136 - 0137, Williams); 

g. determining a computer configuration for a target to be tested (paragraphs 56 
and 103, Williams); 

h. customizing a screening process for the target using the computer configuration 
found in the determining step (paragraphs 57 and 99, Williams); 

i. testing for vulnerability violations in the target based upon the customized 
screening process (paragraphs 92 - 93 and 135, Williams); 

j. determining, according to the vulnerability violations, which regulation data 
applies to which vulnerability data and the priority of the vulnerability violations 
(Figures 2 and 3, Williams); and

k. creating a prioritized report corresponding to the vulnerability violations and the
regulations that apply to the vulnerability violations (Figures 2 and 3, Williams). 

With respect to claim 25, 

Williams discloses the method of claim 24 wherein the set of regulations are 
defined by Health Insurance Portability and Accountability Act (paragraph 0066, 
Williams). 

With respect to claim 26, 

Williams discloses the method of claim 24 wherein the set of regulations are 
defined by Graham Leach Bailey Act (paragraph 0066, Williams). 

With respect to claim 27, 

Williams discloses the method of claim 24 wherein the vulnerability violations are 
stored in a memory (paragraph 147, Williams). 

With respect to claim 28,

Williams discloses the method of claim 24 wherein the testing step further 
comprises scanning a target to provide a system scan (paragraphs 0109, Williams). 



With respect to claim 29,

Williams discloses the method of claim 28 further comprising the step of
providing a test set as a function of the system scan (paragraphs 0111-0112, 
Williams). 

With respect to claim 30, 

Williams discloses the method of claim 24 the prioritized report further includes 
an IP address of the target (paragraph 0170, Williams). 

With respect to claim 31,

Williams discloses the method of claim 24 wherein the vulnerabilities data is
defined by Common Vulnerabilities and Exposures (paragraph 0168, Williams). 

With respect to claim 32, 

Williams discloses an information system for effectively and efficiently identifying
violations of privacy and security and guidelines, comprising: 

a. a vulnerability database having universal definitions applicable to different 
computing systems (paragraphs 54 and 70, Williams); 

b. a regulation database relating to a particular set of regulations (paragraphs 73 
and 166, Williams); 

c. a priority database relating to a list of vulnerabilities prioritized in a specific order 
(paragraph 212, Williams);

d. means for providing keywords that are common to the vulnerability, regulation
and priority data (paragraphs 0139 and 0141, Williams); 

e. searching means for searching for the keywords in the vulnerability, regulation 
and priority data (paragraphs 0139 and 0141, Williams); 

f. a memory for storing relational data that was created by the searching means, 
the relational data establishes a specific relationship between the vulnerability, 
regulation and priority databases (paragraphs 0053 and 0136 - 0137, Williams); 

g. first determining means for determining a computer configuration for a target to 
be tested (paragraphs 56 and 103, Williams); 

h. customizing means for customizing a screening process for the target using the 
computer configuration found in the first determining means (paragraphs 57 and 
99, Williams); 

i. testing means for testing for vulnerability violations in the target based upon the 
customized screening process (paragraphs 92 - 93 and 135, Williams);

j. second determining means for determining, according to the vulnerability 
violations, which regulation data applies to which vulnerability data and the 
priority of the vulnerability violations (Figures 2 and 3, Williams); and 

k. a prioritized report corresponding to the vulnerability violations and the
regulations that apply to the vulnerability violations (Figures 2 and 3, Williams).

With respect to claim 33,

Williams discloses the system of claim 32 wherein the set of regulations are
defined by Health Insurance Portability and Accountability Act (paragraph 0066, 
Williams). 

With respect to claim 34, 

Williams discloses the system of claim 32 wherein the set of regulations are 
defined by Graham Leach Bailey Act (paragraph 0066, Williams). 

With respect to claim 35, 

Williams discloses the system of claim 32 wherein the vulnerability violations are 
stored in a memory (paragraph 147, Williams). 

With respect to claim 36, 

Williams discloses the system of claim 32 wherein the testing means further 
comprises scanning a target to provide a system scan (paragraphs 0109, Williams). 

With respect to claim 37, 

Williams discloses the system of claim 36 further comprising a test set as a 
function of the system scan (paragraphs 0111 - 0112, Williams).



With respect to claim 38,

Williams discloses the system of claim 32 wherein the prioritized report further
includes an IP address of the target (paragraph 0170, Williams). 

With respect to claim 39, 

Williams discloses the system of claim 24 wherein the vulnerabilities data is 
defined by Common Vulnerabilities and Exposures (paragraph 0168, Williams). 

With respect to claim 40, 

Williams discloses the computer-executable process steps, stored on a
computer-readable medium and executable by a processor to perform the steps of:

a. provide vulnerability data having universal definitions applicable to different 
computing systems (paragraphs 54 and 70, Williams); 

b. provide regulation data relating to a particular set of regulations (paragraphs 73 
and 166, Williams); 

c. provide priority data relating to a list of vulnerabilities prioritized in a specific order 
(paragraph 212, Williams); 

d. provide keywords that are common to the vulnerability, regulation and priority 
data (paragraphs 0139 and 0141, Williams); 

e. search for the keywords in the vulnerability, regulation and priority data
(paragraphs 0139 and 0141, Williams);

f. create relational data based upon the search step, the relational data establishes
a specific relationship between the vulnerability, regulation and priority data 
(paragraphs 0053 and 0136 - 0137, Williams);

g. determine a computer configuration for a target to be tested (paragraphs 56 and 
103, Williams); 

h. customize a screening process for the target using the computer configuration 
found in the determine step (paragraphs 57 and 99, Williams); 

i. test for vulnerability violations in the target based upon the customized screening 
process (paragraphs 92 - 93 and 135, Williams); 

j. determine, according to the vulnerability violations, which regulation data applies 
to which vulnerability data and the priority of the vulnerability violations (Figures 2 
and 3, Williams); and 

k. create a prioritized report corresponding to the vulnerability violations and the 
regulations that apply to the vulnerability violations (Figures 2 and 3, Williams). 

With respect to claim 41,

Williams discloses the steps of claim 40 wherein the set of regulations are 
defined by Health Insurance Portability and Accountability Act (paragraph 0066, 
Williams). 



With respect to claim 42,

Williams discloses the steps of claim 40 wherein the set of regulations are
defined by Graham Leach Bailey Act (paragraph 0066, Williams). 

With respect to claim 43, 

Williams discloses the steps of claim 40 wherein the test step further comprises 
scanning a target to provide a system scan (paragraphs 0109, Williams). 

With respect to claim 44, 

Williams discloses the steps of claim 43 further comprising the step of providing a 
test set as a function of the system scan (paragraphs 0111 - 0112, Williams).

With respect to claim 45, 

Williams discloses the steps of claim 40 wherein the prioritized report further 
includes an IP address of the target (paragraph 0170, Williams).

With respect to claim 46, 

Williams discloses the steps of claim 40 wherein the vulnerabilities data is 
defined by Common Vulnerabilities and Exposures (paragraph 0168, Williams).

Conclusion

7. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 
37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the date of this 
final action.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Navneet K. Ahluwalia whose telephone number is
571-272-5636.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Alam T. Hosain can be reached on 571-272-3978. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 